Cybersecurity is one of the most strategically important areas in computer science, and also one of the most difficult disciplines to teach effectively. Historically, hands-on cyber security exercises helped students reinforce basic concepts, but most of them focused on user level attacks and defenses. Since OS kernels provide the foundations to the applications, any compromise to OS kernels will lead to an entirely untrusted computing. Therefore, it is imperative to teach students the practice of kernel level attacks and defenses. Over the past decade, there has been great interest in using virtualization to profile, characterize, and observe kernel events including the security incidents. Inspired by the great success from virtual machine introspection (VMI), this project aims to provide an advancement by directly building practical VMI tools and libraries (or toolkit) on top of virtualization, and applying them for deep cybersecurity education. The deepness comes from the study of the lower level system internals such as OS kernels. The project will further provide a number of seed contents to teach both instructors and students on utilizing the toolkit to be used for studying not only traditional user level attacks such as buffer overflow, but also defenses inside the OS kernels. The outcome of this project (i.e., the toolkit and the cybersecurity exercises) will contribute to the health, safety, and economic well-being of our society by helping to improve the state-of-the-art in cybersecurity education, especially for effectively performing hands-on cybersecurity exercises.
Continuation of Award #: 1623325
EDU: Collaborative: Using Virtual Machine Introspection for Deep Cyber Security Education